p-TORSION OF GENUS TWO CURVES OVER PRIME FIELDS 
OF CHARACTERISTIC p 



CHRISTIAN ROBENHAGEN RAVNSHØJ



Abstract. Consider the Jacobian of a hyperelliptic genus two curve defined 
over a prime field of characteristic p and with complex multiplication. In this 
paper we show that the p-Sylow subgroup of the Jacobian is either trivial or 
of order p. 



1. Introduction 

In elliptic curve cryptography it is essential to know the number of points on 
the curve. Cryptographically we are interested in elliptic curves with large cyclic 
subgroups. Such elliptic curves can be constructed. The construction is based on
the theory of complex multiplication, studied in detail by Atkin and Morain (1993).
It is referred to as the CM method. 



Koblitz (1989) suggested the use of hyperelliptic curves to provide larger group
orders. Therefore constructions of hyperelliptic curves are interesting. The CM
method for elliptic curves has been generalized to hyperelliptic curves of genus two
by Spallek (1994), and efficient algorithms have been proposed by Weng (2003) and
Gaudry et al. (2005).

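Both algorithms take as input a primitive, quartic CM field K (see section 3 for
the definition of a CM field), and give as output a hyperelliptic genus two curve C
defined over a prime field $\mathbb{F}_p$. A prime number p is chosen such that $p = x\bar{x}$ for a
number $x \in \mathcal{O}_K$, where $\mathcal{O}_K$ is the ring of integers of K. We have $K = \mathbb{Q}(\eta)$ and
$K \cap \mathbb{R} = \mathbb{Q}(\sqrt{D})$, where $\eta = i\sqrt{a + b\xi}$ and

$$\xi = \begin{cases}
\frac{1+\sqrt{D}}{2}, & \text{if } D \equiv 1 \bmod 4, \\
\sqrt{D}, & \text{if } D \equiv 2, 3 \bmod 4.
\end{cases}$$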



In this paper, the following theorem is established. 

Theorem 1. Let C be a hyperelliptic curve of genus two defined over a prime
field $\mathbb{F}_p$. Assume that $\mathrm{End}(C) \simeq \mathcal{O}_K$, where K is a primitive, quartic CM field as
defined in Definition 5, and that the p-power Frobenius under this isomorphism is
given by a number in $\mathcal{O}_{K_0} + \eta\mathcal{O}_{K_0}$, where $\eta$ is given as above. Then the p-Sylow
subgroup of $\mathcal{J}_C(\mathbb{F}_p)$ is either trivial or of order p.

2. Hyperelliptic curves 

A hyperelliptic curve is a smooth, projective curve $C \subseteq \mathbb{P}^n$ of genus at least
two with a separable, degree two morphism $\phi : C \to \mathbb{P}^1$. Let C be a hyperelliptic
curve of genus two defined over a prime field $\mathbb{F}_p$ of characteristic p > 2. By the
Riemann-Roch theorem there exists an embedding $\psi : C \to \mathbb{P}^2$, mapping C to a
curve given by an equation of the form

where $f \in \mathbb{F}_p[x]$ is of degree six and has no multiple roots (see Cassels and Flynn,
1996, chapter 1).



The set of principal divisors $\mathcal{P}(C)$ on C constitutes a subgroup of the degree 0
divisors $\mathrm{Div}_0(C)$. The Jacobian $\mathcal{J}_C$ of C is defined as the quotient

$$\mathcal{J}_C = \mathrm{Div}_0(C)/\mathcal{P}(C).$$

Since C is defined over $\mathbb{F}_p$, the mapping $(x, y) \mapsto (x^p, y^p)$ is a morphism on C. This
morphism induces the p-power Frobenius endomorphism $\varphi$ on the Jacobian $\mathcal{J}_C$.
The characteristic polynomial P(X) of $\varphi$ is of degree four (Tate, 1966, Theorem 2,
p. 140), and by the definition of P(X) (see Lang, 1959, pp. 109-110),

$$|\mathcal{J}_C(\mathbb{F}_p)| = P(1),$$

i.e. the number of $\mathbb{F}_p$-rational points on the Jacobian is determined by P(X).

3. CM fields

An elliptic curve E with $\mathbb{Z} \neq \mathrm{End}(E)$ is said to have complex multiplication. Let
K be an imaginary, quadratic number field with ring of integers $\mathcal{O}_K$. K is a CM
field, and if $\mathrm{End}(E) \simeq \mathcal{O}_K$, then E is said to have CM by $\mathcal{O}_K$. More generally a
CM field is defined as follows.

Definition 2 (CM field). A number field K is a CM field, if K is a totally imaginary,
quadratic extension of a totally real number field $K_0$.

In this paper only CM fields of degree $[K : \mathbb{Q}] = 4$ are considered. Such a field
is called a quartic CM field.

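Remark 3. Consider a quartic CM field K. Let $K_0 = K \cap \mathbb{R}$ be the real subfield
of K. Then $K_0$ is a real, quadratic number field, $K_0 = \mathbb{Q}(\sqrt{D})$. By a basic result
on quadratic number fields, the ring of integers of $K_0$ is given by $\mathcal{O}_{K_0} = \mathbb{Z} + \xi\mathbb{Z}$,
where

$$\xi = \begin{cases}
\frac{1+\sqrt{D}}{2}, & \text{if } D \equiv 1 \bmod 4, \\
\sqrt{D}, & \text{if } D \equiv 2, 3 \bmod 4.
\end{cases}$$

Since K is a totally imaginary, quadratic extension of $K_0$, a number $\eta \in K$ exists,
such that $K = K_0(\eta)$, $\eta^2 \in K_0$. The number $\eta$ is totally imaginary, and we may
assume that $\eta = i\eta_0$, $\eta_0 \in \mathbb{R}$. Furthermore we may assume that $\eta^2 \in \mathcal{O}_{K_0}$; so
$\eta = i\sqrt{a + b\xi}$, where $a, b \in \mathbb{Z}$.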

Let C be a hyperelliptic curve of genus two. Then C is said to have CM by $\mathcal{O}_K$,
if $\mathrm{End}(C) \simeq \mathcal{O}_K$. The structure of K determines whether C is irreducible. More
precisely, the following theorem holds.

Theorem 4. Let C be a hyperelliptic curve of genus two with $\mathrm{End}(C) \simeq \mathcal{O}_K$, where
K is a quartic CM field. Then C is reducible if, and only if, $K/\mathbb{Q}$ is Galois with
Galois group $\mathrm{Gal}(K/\mathbb{Q}) \simeq \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}$.

Proof (Shimura, 1998, Proposition 26, p. 61). □

Theorem 4 motivates the following definition.

Definition 5 (Primitive, quartic CM field). A quartic CM field K is called primitive
if either $K/\mathbb{Q}$ is not Galois, or $K/\mathbb{Q}$ is Galois with cyclic Galois group.

The CM method for constructing curves of genus two with prescribed endomorphism
ring is described in detail by Weng (2003) and Gaudry et al. (2005). In short,
the CM method is based on the construction of the class polynomials of a primitive,
quartic CM field K with real subfield $K_0$ of class number $h(K_0) = 1$. The prime
number p has to be chosen such that $p = x\bar{x}$ for a number $x \in \mathcal{O}_K$. By Weng
(2003) we may assume that $x \in \mathcal{O}_{K_0} + \eta\mathcal{O}_{K_0}$.

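4. The p-Sylow subgroup of $\mathcal{J}_C(\mathbb{F}_p)$

Let K be a primitive, quartic CM field with real subfield $K_0 = \mathbb{Q}(\sqrt{D})$ of class
number $h(K_0) = 1$. Cf. Remark 3 we may write $K = \mathbb{Q}(\eta)$, where $\eta = i\sqrt{a + b\xi}$,
and

$$\xi = \begin{cases}
\frac{1+\sqrt{D}}{2}, & \text{if } D \equiv 1 \bmod 4, \\
\sqrt{D}, & \text{if } D \equiv 2, 3 \bmod 4.
\end{cases}$$

Let p be a prime number such that $p = x\bar{x}$ for a number $x \in \mathcal{O}_{K_0} + \eta\mathcal{O}_{K_0}$. Let C
be a hyperelliptic curve of genus two defined over $\mathbb{F}_p$ with $\mathrm{End}(C) \simeq \mathcal{O}_K$. Assume
that the p-power Frobenius under this isomorphism is given by the number

$$\omega = c_1 + c_2\xi + (c_3 + c_4\xi)\eta, \quad c_i \in \mathbb{Z}. \tag{1}$$

Since the p-power Frobenius is of degree p, we know that $\omega\bar{\omega} = p$.

Remark 6. If $c_2 = 0$ in (1), then $\mathrm{Gal}(K/\mathbb{Q}) \simeq \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}$, and K is not primitive.
So $c_2 \neq 0$.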

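The characteristic polynomial P(X) of the Frobenius is given by

$$P(X) = \prod_{i=1}^{4} (X - \omega_i),$$

where $\omega_i$ are the conjugates of $\omega$. Since the conjugates of $\omega$ are given by $\omega_1 = \omega$,
$\omega_2 = \bar{\omega}_1$, $\omega_3$ and $\omega_4 = \bar{\omega}_3$, where $\omega_3 = c_1 + c_2\xi' + (c_3 + c_4\xi')\eta'$, $\eta' = i\sqrt{a + b\xi'}$ and

$$\xi' = \begin{cases}
\frac{1-\sqrt{D}}{2}, & \text{if } D \equiv 1 \bmod 4, \\
-\sqrt{D}, & \text{if } D \equiv 2, 3 \bmod 4,
\end{cases}$$

it follows that

$$P(X) = X^4 - 4c_1X^3 + (2p + 4(c_1^2 - c_2^2D))X^2 - 4c_1pX + p^2$$

if $D \equiv 2, 3 \bmod 4$, and

$$P(X) = X^4 - 2cX^3 + (2p + c^2 - c_2^2D)X^2 - 2cpX + p^2$$

if $D \equiv 1 \bmod 4$. Here, $c = 2c_1 + c_2$. We notice that $4 \mid P(1) = |\mathcal{J}_C(\mathbb{F}_p)|$. This
observation leads to the following lemma.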

Lemma 7. Let C be a hyperelliptic curve of genus two defined over a prime field $\mathbb{F}_p$
of characteristic p > 5. Assume that $\mathrm{End}(C) \simeq \mathcal{O}_K$ and that the p-power Frobenius
under this isomorphism is given by a number in $\mathcal{O}_{K_0} + \eta\mathcal{O}_{K_0}$, where $\eta$ is given as
in Remark 3. Then the p-Sylow subgroup of $\mathcal{J}_C(\mathbb{F}_p)$ is either trivial or of order p.

Proof. Assume $p^2 \mid N = |\mathcal{J}_C(\mathbb{F}_p)|$. Since $|\omega_i| = \sqrt{p}$, we know that

$$N \le (1 + \sqrt{p})^4.$$

Hence, $\frac{N}{p^2} < 4$ for p > 5. But then $4 \nmid N$, a contradiction. So $p^2 \nmid N$, i.e. the
p-Sylow subgroup of $\mathcal{J}_C(\mathbb{F}_p)$ is of order at most p. □



Now consider the case $p \le 5$. Assume at first that $D \equiv 2, 3 \bmod 4$. Since
$\omega_1\bar{\omega}_1 = \omega_2\bar{\omega}_2 = p$, we know that $|c_1 \pm c_2\sqrt{D}| < \sqrt{p}$. Thus,

$$|c_2\sqrt{D}| = \tfrac{1}{2}\left|c_1 + c_2\sqrt{D} - (c_1 - c_2\sqrt{D})\right|
\le \tfrac{1}{2}\left(|c_1 + c_2\sqrt{D}| + |c_1 - c_2\sqrt{D}|\right)
< \sqrt{p}.$$

Similarly we see that $|c_1| < \sqrt{p}$. Assume that D > 5. Then $|c_2| < \sqrt{p/D} < 1$. So
$c_2 = 0$, since $c_2 \in \mathbb{Z}$. This contradicts Remark 6, i.e. D < 5. Now assume that
D = 2. Then $|c_2| < \sqrt{p/2} < 2$, i.e. $c_2 \in \{0, \pm 1\}$. Therefore it follows by calculating
N for each of the possible values of $c_1$ and $c_2$, that if $p^2 \mid N$, then $c_2 = 0$. This is
again a contradiction. So if D = 2, then $p^2 \nmid N$. Similarly it follows that if D = 3,
then $p^2 \nmid N$.

Finally assume that $D \equiv 1 \pmod 4$. Then it follows from $\omega_1\bar{\omega}_1 = \omega_2\bar{\omega}_2 = p$
that $\left|c_1 + c_2\frac{1 \pm \sqrt{D}}{2}\right| < \sqrt{p}$. Thus, $|c_2\sqrt{D}| < 2\sqrt{p}$ and $|2c_1 + c_2| < 2\sqrt{p}$. Assume
that D > 20. Then $|c_2| < 2\sqrt{\frac{5}{20}} = 1$, i.e. $c_2 = 0$, a contradiction. So D < 20. By
calculating N for each of the possible values of p, D, c and $c_2$ it follows that $p^2 \nmid N$
also in this case. Hence the following lemma is established.

Lemma 8. Let C be a hyperelliptic curve of genus two defined over a prime field $\mathbb{F}_p$
of characteristic $p \le 5$. Assume that $\mathrm{End}(C) \simeq \mathcal{O}_K$ and that the p-power Frobenius
under this isomorphism is given by a number in $\mathcal{O}_{K_0} + \eta\mathcal{O}_{K_0}$, where $\eta$ is given as
in Remark 3. Then the p-Sylow subgroup of $\mathcal{J}_C(\mathbb{F}_p)$ is either trivial or of order p.
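
The case-by-case calculation of N used in the argument above can be done mechanically. The Python script below is an added example, not code from the paper: it assumes the odd primes p = 3 and p = 5, enumerates every integer pair (c1, c2) with c2 nonzero that satisfies the size bounds derived above (a superset of the admissible values), and evaluates N = P(1) from the two formulas for P(X). The function names are hypothetical.

```python
def jacobian_order(p, D, c1, c2):
    """N = P(1), using the two closed forms of P(X) from section 4."""
    if D % 4 == 1:
        c = 2 * c1 + c2
        return 1 - 2 * c + (2 * p + c * c - c2 * c2 * D) - 2 * c * p + p * p
    return 1 - 4 * c1 + (2 * p + 4 * (c1 * c1 - c2 * c2 * D)) - 4 * c1 * p + p * p


def squarefree(n):
    return all(n % (k * k) for k in range(2, int(n ** 0.5) + 1))


def candidates(p, D):
    """Integer pairs (c1, c2), c2 != 0, allowed by the size bounds in the text.

    D = 2,3 mod 4: |c2*sqrt(D)| < sqrt(p)   and |c1| < sqrt(p)
    D = 1   mod 4: |c2*sqrt(D)| < 2*sqrt(p) and |2*c1 + c2| < 2*sqrt(p)
    Squaring both sides keeps everything in exact integer arithmetic.
    """
    scale = 4 if D % 4 == 1 else 1
    span = range(-2 * p, 2 * p + 1)  # generous search window (assumption)
    for c2 in span:
        if c2 == 0 or c2 * c2 * D >= scale * p:
            continue
        for c1 in span:
            t = 2 * c1 + c2 if D % 4 == 1 else c1
            if t * t < scale * p:
                yield c1, c2


def check_small_primes(primes=(3, 5), max_D=20):
    """Return (cases checked, cases where p^2 | N or 4 does not divide N)."""
    checked, bad = 0, []
    for p in primes:
        for D in range(2, max_D + 1):
            if D % 4 == 0 or not squarefree(D):
                continue
            for c1, c2 in candidates(p, D):
                N = jacobian_order(p, D, c1, c2)
                checked += 1
                if N % (p * p) == 0 or N % 4 != 0:
                    bad.append((p, D, c1, c2, N))
    return checked, bad


if __name__ == "__main__":
    print(check_small_primes())
```

An empty second component means no candidate has N divisible by p^2, and every candidate has N divisible by 4.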

Summing up, the following theorem holds. 

Theorem 9. Let C be a hyperelliptic curve of genus two defined over a prime
field $\mathbb{F}_p$. Assume that $\mathrm{End}(C) \simeq \mathcal{O}_K$ and that the p-power Frobenius under this
isomorphism is given by a number in $\mathcal{O}_{K_0} + \eta\mathcal{O}_{K_0}$, where $\eta$ is given as in Remark 3.
Then the p-Sylow subgroup of $\mathcal{J}_C(\mathbb{F}_p)$ is either trivial or of order p.